UKPLab / sentence-transformers

State-of-the-Art Text Embeddings
https://www.sbert.net
Apache License 2.0

Feature Request: Add `weights_only=True` option in torch.load calls to address security warning #3045

Closed charan05a8 closed 3 weeks ago

charan05a8 commented 3 weeks ago

When using the sentence_transformers library, a warning appears due to torch.load being called with the default weights_only=False. This is causing the following warning message during model loading:

This warning implies a potential security risk because it allows untrusted pickle data to execute arbitrary code. Starting in future versions of PyTorch, weights_only=True will become the default, allowing only safe, pre-approved modules to be loaded.

Suggested Solution

We suggest adding support for weights_only=True in torch.load calls, specifically in models/Dense.py. This would help future-proof the library and align with PyTorch's upcoming security enhancements.

Steps to Reproduce the Warning

  1. Load a model using the sentence_transformers library, for example:
    from sentence_transformers import SentenceTransformer
    model = SentenceTransformer('hkunlp/instructor-large')
  2. Observe the warning message indicating that weights_only=False might pose security risks.

Additional Information

Please let us know if any additional details would be helpful for implementation.
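The warning in the issue is about the pickle format underneath torch.load: a pickle stream can name any importable callable and have the loader call it, so loading a checkpoint from an untrusted source is equivalent to running the author's code. The block below is an added example, not code from the issue or from the sentence-transformers project, and it uses only the standard-library pickle module (no PyTorch needed) so it runs offline. The malicious "checkpoint" triggers a constructed hook function instead of a real command, and the allowlist-based RestrictedUnpickler is this example's own approximation of the idea behind weights_only=True, not PyTorch's implementation; the SAFE_GLOBALS set, attacker_hook, and both checkpoint builders are assumptions made for the demonstration.

```python
import collections
import io
import pickle

# Records when the payload's callable actually runs, so the outcome is
# observable. Constructed for this example; a real payload would point at
# os.system, subprocess.Popen or similar instead of a harmless hook.
EXECUTION_LOG = []


def attacker_hook(message):
    """Stand-in for whatever an attacker wants executed at load time."""
    EXECUTION_LOG.append(message)
    return message


class MaliciousWeights:
    """__reduce__ tells pickle 'on load, call this callable with these args'.

    That is the entire attack surface the torch.load warning refers to: the
    pickle stream is a small program, not passive data.
    """

    def __reduce__(self):
        return (attacker_hook, ("arbitrary code executed during load",))


def build_malicious_checkpoint():
    return pickle.dumps(MaliciousWeights(), protocol=pickle.HIGHEST_PROTOCOL)


def build_benign_checkpoint():
    # Same shape as a state_dict (name -> parameter values), with plain
    # Python lists standing in for tensors. Constructed sample data.
    state = collections.OrderedDict([
        ("linear.weight", [[0.1, 0.2], [0.3, 0.4]]),
        ("linear.bias", [0.0, 0.0]),
    ])
    return pickle.dumps(state, protocol=pickle.HIGHEST_PROTOCOL)


# Only these (module, name) globals may be resolved while unpickling.
# This is the allowlist principle behind weights_only=True; the concrete set
# here is an assumption for the example, not PyTorch's list.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global reference that is not explicitly approved."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name}: not in allowlist")


def unsafe_load(data):
    """Equivalent of torch.load(..., weights_only=False): trusts the stream."""
    return pickle.loads(data)


def safe_load(data):
    """Equivalent in spirit to torch.load(..., weights_only=True)."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Run both loaders against both checkpoints and report what happened."""
    results = {}

    EXECUTION_LOG.clear()
    unsafe_load(build_malicious_checkpoint())
    results["unsafe_loader_ran_payload"] = bool(EXECUTION_LOG)

    EXECUTION_LOG.clear()
    try:
        safe_load(build_malicious_checkpoint())
        results["safe_loader_on_malicious"] = "loaded"
    except pickle.UnpicklingError:
        results["safe_loader_on_malicious"] = "rejected"
    results["safe_loader_ran_payload"] = bool(EXECUTION_LOG)

    # The allowlisted structure still loads normally.
    results["safe_loader_benign_keys"] = list(safe_load(build_benign_checkpoint()))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the allowlist makes is that safety comes from refusing to resolve unknown callables at all, not from inspecting the payload: the malicious stream is never "executed and then checked", it is rejected before its callable is looked up. With PyTorch, the corresponding call is torch.load(path, weights_only=True), which is what the issue asks sentence-transformers to use.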

tomaarsen commented 3 weeks ago

Hello!

This has been integrated in #2927, which has been released in v3.1.0. Consider upgrading your Sentence Transformers version to take advantage of it:

pip install -U sentence_transformers

Sentence Transformers is currently fully backwards compatible when it comes to inference, so there's nothing to worry about there.